In existing on-line electronic transaction systems, an on-line vendor site processes a payment from a buyer dealing directly with another entity that is involved in the transaction. Generally, the other entity is a financial institution that accepts credit card payments, prepaid cards, prepaid accounts, bank wirings, tokens, and/or other forms of payment. Thus, one of the on-line vendor site or the financial institution require to obtain confidential data from the buyer such as personal identity, personal name, personal address, postal address, credit card data, bank account information and/or other financial data. The buyer, the on-line vendor site, and the other entity communicate over a same network, typically the internet.
Although various measures may be implemented to secure the transmission of the confidential information, e.g., encryption of transmission, use of firewalls to protect payment servers storing the confidential information, etc., it appears that the confidential information is never really safe from being stolen by thieves operating over the same network as the on-line vendor site, the buyer and/or the other entity. Moreover, the rising number of on-line vendor sites requires the confidential information to be dispatched an/or stored as many times as there as vendor sites used by the buyer. The number of security breaches occurring on the vendor sites or during transmission has been increasing recently, thereby causing increasing misuse of confidential data, and substantial financial damages to buyers and institutions that guarantee the payment of on-line transactions, such as credit card and insurance companies.
In an effort to improve security in payment processing it is known to involve a third party for the payment processing. The International application published under WO 02/05231A2 discloses such a system wherein a buyer uses the internet to make an on-line selection of items on a seller's web site, and is redirected over the internet to a third party payment processor to process payment for an electronic transaction. During exchanges with the payment processor, the buyer may be electrically disconnected from the seller, thereby preventing financial or private data from being passed to the seller. The third party establishes an account for the buyer, if one does not already exist which may be funded by a credit card, debit card or bank account. The account is identified with an electronic mail address or other unique identifier. The payment processor transfers payment from the buyer to the seller. Eventually, the buyer may be redirected to the seller after completion or cancellation of payment. In the system of WO 02/05231A2, the buyer's financial information is transmitted over the internet connection between the buyer and the payment processor at the time of requesting payment, or retrieved from a storage of the payment processor if the buyer had previously transmitted his/her financial information in view of upcoming transactions. On the whole, at least at some point in time, the buyer needs to transmit financial or private data over the internet. In case a thief gets hold of buyer's account identification, the thief may at least use the account to pay for items bought on the seller's site.
Thus, the technical problem to be solved involves the execution of an electronic commerce transaction without sensitive and/or personal information being transmitted via an unsecured network, such as the Internet at any time. Further, such sensitive/personal information also should not be stored at a known location that is accessible via an unsecure network connection.